Each year, computer systems face an increasing number of vulnerabilities. For example, the Computer Security Institute reported 417 vulnerabilities for the year 1999, 1,090 for the year 2000, 2,437 for the year 2001, 4,129 for the year 2002 and 3,784 for the year 2003. Not only has the reported number of vulnerabilities increased dramatically since 1999, but the growing number of computer systems interconnected with other computer systems in a computer network, and the growing complexity of such networks, have made the task of protecting computer systems from such vulnerabilities increasingly difficult and costly.
For example, it has become quite difficult for a network security administrator to maintain an accurate inventory of the hardware and, in particular, the software programs residing on each computer system that forms part of a computer network. Indeed, a user needs only minutes to download new software programs onto a computer system from the Internet. With each new piece of hardware or software added to a computer system, another potential vulnerability from which the computer network must be protected is created. However, the network security administrator may not even be aware of the need to remediate the computer network against a newly discovered vulnerability in a particular piece of computer hardware or software if the administrator erroneously believes that the hardware or software is not installed on any of the computer systems forming the computer network.
Currently, many network security administrators use vulnerability scanning software or managed security providers to test the individual computer systems of a computer network for security weaknesses. Scanning software can automatically examine the components in a computer system and determine whether any vulnerabilities exist in those components. Typically, such tools provide detailed information on the vulnerabilities found in the computing environment of the tested computer systems, but provide only limited means for correcting or resolving the detected vulnerabilities. To remove the vulnerabilities, the network security administrator must typically expend a large amount of labor and resources to identify them, and additional labor to install the vulnerability remediation or otherwise resolve the identified vulnerabilities. Oftentimes, this involves the network security administrator visiting each affected computer system and manually applying the necessary remediation. In addition, once a remediation is applied to a computer system, a user can easily remove it or install additional software that invalidates the remediation, thereby wasting all of the effort expended during the initial installation of the vulnerability resolution while leaving the network administrator to believe the network is safe.
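The two failure modes described above, an inventory that drifts as users install software the administrator does not know about, and a remediation that is silently undone or invalidated, can both be caught by reconciling a fresh scan against the inventory recorded when remediations were applied. The following is an added illustration written for this page; it is not code from the patent or from the Banzhof system. The inventory format (host to package-version map), the `Remediation` record (vulnerability identifier, package, minimum fixed version), the host names, package names and `VULN-EXAMPLE-*` identifiers are all constructed placeholders, and the version comparison assumes dotted numeric version strings.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# host -> {package name: installed version}; format is a constructed assumption
Inventory = dict[str, dict[str, str]]


@dataclass(frozen=True)
class Remediation:
    """A remediation expressed as a minimum package version (hypothetical record)."""
    vuln_id: str            # placeholder identifier, not a real advisory
    package: str
    min_fixed_version: str  # installed version must be >= this to count as fixed


def parse_version(version: str) -> tuple[int, ...]:
    """Compare dotted numeric versions ('2.0.10' > '2.0.9'); non-digit text is ignored.
    Assumption: vendors on the network use dotted numeric version strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def check_drift(baseline: Inventory, current: Inventory,
                remediations: list[Remediation]) -> dict:
    """Reconcile a new scan against the baseline taken when remediations were applied.

    new_packages  : software that appeared since the baseline (new attack surface to assess)
    regressed     : remediated package now below its fixed version (remediation undone)
    compliant     : remediations still in place on each host
    unscanned     : baseline hosts absent from the scan (their state cannot be asserted)
    unknown_hosts : scanned hosts with no baseline at all (never inventoried)
    """
    report: dict = {"new_packages": {}, "regressed": {}, "compliant": {},
                    "unscanned": [], "unknown_hosts": []}
    for host, base_pkgs in baseline.items():
        if host not in current:
            report["unscanned"].append(host)
            continue
        cur_pkgs = current[host]
        added = sorted(set(cur_pkgs) - set(base_pkgs))
        if added:
            report["new_packages"][host] = added
        for rem in remediations:
            observed = cur_pkgs.get(rem.package)
            if observed is None:
                continue  # package not installed on this host: nothing to verify
            if parse_version(observed) >= parse_version(rem.min_fixed_version):
                report["compliant"].setdefault(host, []).append(rem.vuln_id)
            else:
                report["regressed"].setdefault(host, []).append(
                    (rem.vuln_id, rem.package, observed))
    report["unknown_hosts"] = sorted(set(current) - set(baseline))
    return report


# Constructed sample data: inventory recorded right after remediation ...
BASELINE: Inventory = {
    "host-a": {"openssh": "7.4.0", "libfoo": "2.0.1"},
    "host-b": {"libfoo": "2.0.1", "webapp": "1.2.0"},
    "host-c": {"libfoo": "2.0.1"},
}
# ... and a later scan: host-a's libfoo was rolled back and a new program appeared,
# host-c did not respond, and host-d was never in the inventory.
CURRENT_SCAN: Inventory = {
    "host-a": {"openssh": "7.4.0", "libfoo": "1.9.0", "p2p-share": "3.1.0"},
    "host-b": {"libfoo": "2.0.1", "webapp": "1.2.0"},
    "host-d": {"libfoo": "1.0.0"},
}
REMEDIATIONS = [
    Remediation("VULN-EXAMPLE-1", "libfoo", "2.0.0"),
    Remediation("VULN-EXAMPLE-2", "openssh", "7.4.0"),
]

if __name__ == "__main__":
    for key, value in check_drift(BASELINE, CURRENT_SCAN, REMEDIATIONS).items():
        print(f"{key}: {value}")
```

Run as a script, the report flags host-a for both a new, uninventoried package and a regressed remediation, lists host-c as unverifiable because it was not scanned, and surfaces host-d as a host the administrator has no baseline for; each of those is a case where "the network is safe" would otherwise be assumed without evidence.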
U.S. Patent Publication No. 2003/0126472 to Banzhof, published Jul. 3, 2003, discloses an automated vulnerability resolution system in which a remediation database is constructed from an aggregation of vulnerability information for plural computer vulnerabilities. Remediation signatures to address these vulnerabilities are constructed for subsequent deployment to a client remediation server. Banzhof further discloses managed remediation techniques that include the selective deployment, by the client remediation server, of the remediation signatures to resolve vulnerabilities of computers coupled to the client remediation server.
While Banzhof represents a significant improvement over prior techniques that required the manual remediation of vulnerable computer systems, the automated vulnerability resolution system disclosed in Banzhof requires significant control of the remediation process by the network security administrator operating the client remediation server. More specifically, while the network security administrator is provided with a series of remediation signatures capable of resolving vulnerabilities within the network, the network security administrator remains responsible for the vulnerability identification and remediation tasks.